VYPR
← All advisories
High severity7.8NVD Advisory· Published May 1, 2025· Updated Apr 18, 2026

CVE-2025-37778

CVE-2025-37778

Description

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: Fix dangling pointer in krb_authenticate

krb_authenticate frees sess->user and does not set the pointer to NULL. It calls ksmbd_krb5_authenticate to reinitialise sess->user but that function may return without doing so. If that happens then smb2_sess_setup, which calls krb_authenticate, will be accessing free'd memory when it later uses sess->user.

Affected products

4
  • Debian/Debian Linux
    cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
  • Linux/Kernel3 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=5.15,<6.1.135
    • cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*

Patches

5
d5b554bc8d55
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
1db2451de23e
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
6e30c0e10210
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
e83e39a5f6a0
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
1e440d5b25b7
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

1

News mentions

0

No linked articles in our index yet.